[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   21.659855] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   26.680529] random: sshd: uninitialized urandom read (32 bytes read)
[   27.188292] random: sshd: uninitialized urandom read (32 bytes read)
[   28.093105] random: sshd: uninitialized urandom read (32 bytes read)
[  634.273586] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.44' (ECDSA) to the list of known hosts.
[  639.984867] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[  861.152224] INFO: task syz-executor045:4583 blocked for more than 140 seconds.
[  861.159873]       Not tainted 4.18.0-rc4+ #143
[  861.164511] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  861.172601] syz-executor045 D23912  4583   4579 0x00000004
[  861.178377] Call Trace:
[  861.181055]  __schedule+0x87c/0x1ed0
[  861.184960]  ? __sched_text_start+0x8/0x8
[  861.189193]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  861.193830]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  861.199097]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  861.204205]  ? trace_hardirqs_on+0xd/0x10
[  861.208617]  ? prepare_to_wait_event+0x396/0xc70
[  861.213535]  ? prepare_to_wait_exclusive+0x550/0x550
[  861.218992]  schedule+0xfb/0x450
[  861.222521]  ? __schedule+0x1ed0/0x1ed0
[  861.226647]  ? check_same_owner+0x340/0x340
[  861.231232]  ? do_raw_spin_unlock+0xa7/0x2f0
[  861.235836]  ? replenish_dl_entity.cold.53+0x37/0x37
[  861.241097]  request_wait_answer+0x4c8/0x920
[  861.245676]  ? fuse_read_forget.isra.22+0xdc0/0xdc0
[  861.251187]  ? finish_wait+0x430/0x430
[  861.255224]  ? finish_wait+0x430/0x430
[  861.259246]  ? finish_wait+0x430/0x430
[  861.263285]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  861.267985]  ? fuse_dev_ioctl+0x430/0x430
[  861.272300]  ? kasan_check_write+0x14/0x20
[  861.276661]  ? do_raw_spin_lock+0xc1/0x200
[  861.281102]  __fuse_request_send+0x12a/0x1d0
[  861.285656]  fuse_request_send+0x62/0xa0
[  861.289897]  fuse_simple_request+0x33d/0x730
[  861.294435]  fuse_send_open.isra.17+0x366/0x450
[  861.299313]  ? fuse_file_read_iter+0x250/0x250
[  861.304079]  ? _raw_spin_unlock+0x22/0x30
[  861.308386]  ? fuse_file_alloc+0x298/0x3a0
[  861.313551]  ? fsnotify+0xbb4/0x14e0
[  861.317426]  fuse_do_open+0x25c/0x540
[  861.321344]  ? fuse_file_alloc+0x3a0/0x3a0
[  861.325706]  ? fsnotify+0x14e0/0x14e0
[  861.329619]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  861.334354]  fuse_open_common+0x160/0x2b0
[  861.339058]  fuse_dir_open+0x22/0x30
[  861.342823]  do_dentry_open+0x818/0xe40
[  861.346861]  ? security_inode_permission+0xd2/0x100
[  861.351935]  ? fuse_dir_release+0x20/0x20
[  861.356247]  vfs_open+0x139/0x230
[  861.359837]  path_openat+0x174a/0x4e10
[  861.363786]  ? lock_acquire+0x1e4/0x540
[  861.367831]  ? path_lookupat.isra.45+0xbf0/0xbf0
[  861.372652]  ? __save_stack_trace+0x8d/0xf0
[  861.377043]  ? trace_hardirqs_on+0x10/0x10
[  861.381764]  ? save_stack+0xa9/0xd0
[  861.385438]  ? save_stack+0x43/0xd0
[  861.389111]  ? kasan_kmalloc+0xc4/0xe0
[  861.393058]  ? kasan_slab_alloc+0x12/0x20
[  861.397257]  ? kmem_cache_alloc+0x12e/0x760
[  861.401711]  ? prepare_creds+0x80/0x3f0
[  861.405770]  ? prepare_exec_creds+0x11/0xf0
[  861.410160]  ? prepare_bprm_creds+0x70/0x120
[  861.414685]  ? __do_execve_file.isra.35+0x475/0x2730
[  861.419918]  ? __x64_sys_execve+0x8f/0xc0
[  861.424480]  ? do_syscall_64+0x1b9/0x820
[  861.428598]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  861.434079]  ? find_held_lock+0x36/0x1c0
[  861.438283]  ? print_usage_bug+0xc0/0xc0
[  861.442489]  ? __lock_is_held+0xb5/0x140
[  861.446683]  ? graph_lock+0x170/0x170
[  861.450556]  do_filp_open+0x255/0x380
[  861.454503]  ? may_open_dev+0x100/0x100
[  861.458624]  ? lock_downgrade+0x8f0/0x8f0
[  861.462934]  do_open_execat+0x1fe/0x670
[  861.467062]  ? unregister_binfmt+0x2a0/0x2a0
[  861.471967]  ? do_raw_spin_lock+0xc1/0x200
[  861.476295]  __do_execve_file.isra.35+0x1827/0x2730
[  861.481453]  ? prepare_bprm_creds+0x120/0x120
[  861.486042]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  861.491347]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  861.496477]  ? __check_object_size+0x9d/0x5f2
[  861.501069]  ? usercopy_warn+0x120/0x120
[  861.505201]  ? kasan_check_read+0x11/0x20
[  861.509411]  ? rcu_is_watching+0x8c/0x150
[  861.514056]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  861.519842]  ? strncpy_from_user+0x3be/0x510
[  861.524320]  ? mpi_free.cold.1+0x19/0x19
[  861.528435]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  861.534038]  ? getname_flags+0x26e/0x5a0
[  861.538169]  __x64_sys_execve+0x8f/0xc0
[  861.542204]  do_syscall_64+0x1b9/0x820
[  861.546156]  ? syscall_return_slowpath+0x5e0/0x5e0
[  861.551308]  ? syscall_return_slowpath+0x31d/0x5e0
[  861.556316]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  861.561753]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  861.566704]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  861.571974] RIP: 0033:0x445939
[  861.575229] Code: Bad RIP value.
[  861.578667] RSP: 002b:00007fd74b67eda8 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[  861.586471] RAX: ffffffffffffffda RBX: 00000000006dac3c RCX: 0000000000445939
[  861.593826] RDX: 0000000020000800 RSI: 0000000020000700 RDI: 0000000020000180
[  861.601156] RBP: 00000000006dac38 R08: 0000000000000000 R09: 0000000000000000
[  861.608471] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  861.615803] R13: 646165725f78616d R14: 3074656e786f6276 R15: 0000000000000001
[  861.623144] 
[  861.623144] Showing all locks held in the system:
[  861.629534] 1 lock held by khungtaskd/900:
[  861.634154]  #0: (____ptrval____) (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x428
[  861.642935] 2 locks held by rsyslogd/4462:
[  861.647227]  #0: (____ptrval____) (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200
[  861.655281]  #1: (____ptrval____) (&rq->lock){-.-.}, at: __schedule+0x24d/0x1ed0
[  861.663008] 2 locks held by getty/4553:
[  861.667056]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  861.675889]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  861.684927] 2 locks held by getty/4554:
[  861.688957]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  861.697289]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  861.706217] 2 locks held by getty/4555:
[  861.710237]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  861.718552]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  861.727521] 2 locks held by getty/4556:
[  861.731577]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  861.739889]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  861.748844] 2 locks held by getty/4557:
[  861.752902]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  861.761233]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  861.770169] 2 locks held by getty/4558:
[  861.774207]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  861.782522]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  861.791627] 2 locks held by getty/4559:
[  861.795633]  #0: (____ptrval____) (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40
[  861.803959]  #1: (____ptrval____) (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1ce0
[  861.813746] 1 lock held by syz-executor045/4583:
[  861.818567]  #0: (____ptrval____) (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds+0x53/0x120
[  861.828085] 
[  861.829751] =============================================
[  861.829751] 
[  861.836828] NMI backtrace for cpu 1
[  861.840513] CPU: 1 PID: 900 Comm: khungtaskd Not tainted 4.18.0-rc4+ #143
[  861.847447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  861.856808] Call Trace:
[  861.859521]  dump_stack+0x1c9/0x2b4
[  861.863164]  ? dump_stack_print_info.cold.2+0x52/0x52
[  861.868366]  ? vprintk_default+0x28/0x30
[  861.872453]  nmi_cpu_backtrace.cold.4+0x19/0xce
[  861.877145]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  861.881554]  ? lapic_can_unplug_cpu.cold.27+0x3f/0x3f
[  861.886726]  nmi_trigger_cpumask_backtrace+0x151/0x192
[  861.891986]  arch_trigger_cpumask_backtrace+0x14/0x20
[  861.897173]  watchdog+0x9c4/0xf80
[  861.900615]  ? reset_hung_task_detector+0xd0/0xd0
[  861.905547]  ? kasan_check_read+0x11/0x20
[  861.909702]  ? do_raw_spin_unlock+0xa7/0x2f0
[  861.914301]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  861.919394]  ? __kthread_parkme+0x58/0x1b0
[  861.923624]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  861.928633]  ? trace_hardirqs_on+0xd/0x10
[  861.932793]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  861.938515]  ? __kthread_parkme+0x106/0x1b0
[  861.942935]  kthread+0x345/0x410
[  861.946315]  ? reset_hung_task_detector+0xd0/0xd0
[  861.951168]  ? kthread_bind+0x40/0x40
[  861.954972]  ret_from_fork+0x3a/0x50
[  861.958779] Sending NMI from CPU 1 to CPUs 0:
[  861.965555] NMI backtrace for cpu 0
[  861.965566] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.18.0-rc4+ #143
[  861.965570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  861.965587] RIP: 0010:__sanitizer_cov_trace_pc+0x26/0x50
[  861.965589] Code: 5d c3 66 90 55 65 48 8b 04 25 40 ee 01 00 65 8b 15 1f e2 85 7e 48 89 e5 81 e2 00 01 1f 00 48 8b 75 08 75 2b 8b 90 90 12 00 00 <83> fa 02 75 20 48 8b 88 98 12 00 00 8b 80 94 12 00 00 48 8b 11 48 
[  861.965692] RSP: 0018:ffff8801dae07c90 EFLAGS: 00000046
[  861.965698] RAX: ffffffff88e75dc0 RBX: 0000000000026560 RCX: 0000000000000001
[  861.965702] RDX: 0000000000000000 RSI: ffffffff816e8489 RDI: 0000000000000086
[  861.965706] RBP: ffff8801dae07c90 R08: 0000000000000000 R09: 0000000000000001
[  861.965710] R10: ffffed003b5c46d6 R11: ffff8801dae236b3 R12: ffffffff88e75dc0
[  861.965714] R13: 1ffff1003b5c0fa1 R14: ffff8801dae07e68 R15: 0000000000000000
[  861.965720] FS:  0000000000000000(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[  861.965724] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  861.965728] CR2: 00007ffc432abfe0 CR3: 00000001b008a000 CR4: 00000000001406f0
[  861.965735] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  861.965739] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  861.965740] Call Trace:
[  861.965744]  <IRQ>
[  861.965754]  tick_irq_enter+0x19/0x390
[  861.965764]  irq_enter+0xb6/0xd0
[  861.965774]  scheduler_ipi+0x3a9/0xa50
[  861.965781]  ? migration_cpu_stop+0x470/0x470
[  861.965790]  ? kasan_check_read+0x11/0x20
[  861.965797]  ? rcu_nmi_exit+0xe0/0x2d0
[  861.965803]  ? rcu_idle_enter+0x480/0x480
[  861.965812]  ? clockevents_program_event+0x140/0x370
[  861.965819]  ? kasan_check_read+0x11/0x20
[  861.965825]  ? rcu_is_watching+0x8c/0x150
[  861.965832]  ? task_prio+0x50/0x50
[  861.965916]  smp_reschedule_interrupt+0xf5/0x670
[  861.965923]  ? smp_thermal_interrupt+0x820/0x820
[  861.965930]  ? kvm_clock_read+0x25/0x30
[  861.965937]  ? kvm_sched_clock_read+0x9/0x20
[  861.965944]  ? sched_clock+0x31/0x40
[  861.965950]  ? sched_clock_cpu+0x1b/0x180
[  861.965956]  ? task_prio+0x50/0x50
[  861.965966]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  861.965974]  reschedule_interrupt+0xf/0x20
[  861.965976]  </IRQ>
[  861.965985] RIP: 0010:native_safe_halt+0x6/0x10
[  861.965986] Code: c7 48 89 45 d8 e8 0a 00 26 fa 48 8b 45 d8 e9 d2 fe ff ff 48 89 df e8 f9 ff 25 fa eb 8a 90 90 90 90 90 90 90 55 48 89 e5 fb f4 <5d> c3 0f 1f 84 00 00 00 00 00 55 48 89 e5 f4 5d c3 90 90 90 90 90 
[  861.966077] RSP: 0018:ffffffff88e07bc0 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff02
[  861.966084] RAX: dffffc0000000000 RBX: 1ffffffff11c0f7b RCX: 0000000000000000
[  861.966087] RDX: 1ffffffff11e3610 RSI: 0000000000000001 RDI: ffffffff88f1b080
[  861.966091] RBP: ffffffff88e07bc0 R08: ffffed003b5c46d7 R09: 0000000000000000
[  861.966095] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  861.966099] R13: ffffffff88e07c78 R14: ffffffff899ed060 R15: 0000000000000000
[  861.966109]  default_idle+0xc7/0x450
[  861.966115]  ? __sched_text_end+0x3/0x3
[  861.966121]  ? rcu_idle_enter+0x30a/0x480
[  861.966128]  ? rcu_eqs_special_set+0x1b0/0x1b0
[  861.966138]  ? tsc_verify_tsc_adjust+0x109/0x380
[  861.966145]  ? mark_tsc_async_resets+0x20/0x20
[  861.966151]  ? tick_nohz_idle_enter+0x219/0x320
[  861.966158]  arch_cpu_idle+0x10/0x20
[  861.966164]  default_idle_call+0x6d/0x90
[  861.966170]  do_idle+0x3aa/0x570
[  861.966178]  ? arch_cpu_idle_exit+0x70/0x70
[  861.966184]  ? __schedule+0x1ed0/0x1ed0
[  861.966191]  cpu_startup_entry+0x10c/0x120
[  861.966197]  ? cpu_in_idle+0x20/0x20
[  861.966206]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  861.966213]  ? trace_hardirqs_on+0xd/0x10
[  861.966220]  rest_init+0xe1/0xe4
[  861.966237]  start_kernel+0x90e/0x949
[  861.966243]  ? mem_encrypt_init+0xb/0xb
[  861.966274]  ? early_idt_handler_common+0x3b/0x60
[  861.966283]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  861.966291]  ? x86_family+0x3e/0x50
[  861.966298]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  861.966307]  x86_64_start_reservations+0x29/0x2b
[  861.966315]  x86_64_start_kernel+0x76/0x79
[  861.966322]  secondary_startup_64+0xa5/0xb0
[  861.966558] Kernel panic - not syncing: hung_task: blocked tasks
[  862.367994] CPU: 1 PID: 900 Comm: khungtaskd Not tainted 4.18.0-rc4+ #143
[  862.374913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  862.384261] Call Trace:
[  862.386863]  dump_stack+0x1c9/0x2b4
[  862.390492]  ? dump_stack_print_info.cold.2+0x52/0x52
[  862.395688]  ? printk_safe_log_store+0x2f0/0x2f0
[  862.400560]  panic+0x238/0x4e7
[  862.403754]  ? add_taint.cold.5+0x16/0x16
[  862.407894]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  862.413435]  ? nmi_trigger_cpumask_backtrace+0x13a/0x192
[  862.419137]  ? printk_safe_flush+0xd7/0x130
[  862.423467]  watchdog+0x9d5/0xf80
[  862.426911]  ? reset_hung_task_detector+0xd0/0xd0
[  862.431862]  ? kasan_check_read+0x11/0x20
[  862.436029]  ? do_raw_spin_unlock+0xa7/0x2f0
[  862.440467]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[  862.445575]  ? __kthread_parkme+0x58/0x1b0
[  862.449816]  ? trace_hardirqs_on_caller+0x421/0x5c0
[  862.454830]  ? trace_hardirqs_on+0xd/0x10
[  862.458993]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  862.464525]  ? __kthread_parkme+0x106/0x1b0
[  862.468923]  kthread+0x345/0x410
[  862.472373]  ? reset_hung_task_detector+0xd0/0xd0
[  862.477199]  ? kthread_bind+0x40/0x40
[  862.480985]  ret_from_fork+0x3a/0x50
[  862.485186] Dumping ftrace buffer:
[  862.488777]    (ftrace buffer empty)
[  862.492482] Kernel Offset: disabled
[  862.496214] Rebooting in 86400 seconds..